Vulnerabilities > Advantech

DATE CVE VULNERABILITY TITLE RISK
2014-07-19 CVE-2014-2367 Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
network
advantech CWE-200
4.3
2014-07-19 CVE-2014-2366 Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.
network
low complexity
advantech CWE-200
4.0
2014-07-19 CVE-2014-2365 Remote Code Execution vulnerability in Advantech Webaccess 5.0/6.0/7.0
Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.
network
low complexity
advantech
5.5
2014-07-19 CVE-2014-2364 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
network
low complexity
advantech CWE-119
7.5
2014-04-12 CVE-2014-0773 Security Bypass vulnerability in Advantech Webaccess 5.0/6.0/7.0
The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname.
network
low complexity
advantech
7.5
2014-04-12 CVE-2014-0772 Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0
The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
network
low complexity
advantech CWE-200
5.0
2014-04-12 CVE-2014-0771 Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0
The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
network
low complexity
advantech CWE-200
5.0
2014-04-12 CVE-2014-0770 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long UserName parameter.
network
low complexity
advantech CWE-119
7.5
2014-04-12 CVE-2014-0768 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode2 argument.
network
low complexity
advantech CWE-119
7.5
2014-04-12 CVE-2014-0767 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode argument.
network
low complexity
advantech CWE-119
7.5